Setting up an OIDC Dynamic Provider
Step 3: Setup connection
Here you define the connection to the external provider. 'Authority' is the location of the provider, and 'Client ID' is used to identify this provider with the external identity provider.
Name | Required | Type | Description |
---|---|---|---|
Authority | Yes | URL | URL of the provider, must begin with https:// |
Client ID | Yes | Text | ID for the client in the external provider |
Callback Path | Yes | OAuth Flow | Path of the ACS endpoint. Only in RSK mode |
OAuth Flow | Yes | OAuth Flow | Determines the value of the use PKCE option in IdentityServer |
Step 4: Define Scopes
Now set the scopes used for the external provider. By default 'openid' is required, but you can add more by entering them in the text box and clicking the add button.
Step 5: Define Client Secret
Here you can set the secret for the client set up in the external provider. If the external provider does not require a client secret, this can be left blank.
Step 6: Define Sign-In and Sign-Out Schemes (Only in RSK mode)
Here we select the Sign in and Sign out Schemes that will handle authentication:
Name | Required | Type | Description |
---|---|---|---|
Sign in Scheme | Yes | Text | Sign in Scheme representing an authentication handler on your IDS code |
Different Sign Out Scheme | No | Boolean | Enable entering Sign out Scheme different to the Sign in Scheme |
Sign out Scheme | No | Text | Sign out Scheme representing an authentication handler on your IDS code |
The interface offers default schemes for IdentityServer and Asp.Identity in the form of radio buttons. These options will automatically populate the Sign in or Sign out Scheme fields. However, you also have the flexibility to manually enter a custom scheme if desired.
Step 7: Summary
The final step in the creation process is a summary where you can review the settings for the dynamic provider as a whole and go back to make changes. There is also the option to disable the provider if you do not wish it to be active immediately.
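An added example, not part of the original page or of the product: a review-time check of the values entered in Steps 3 to 5 against the external provider's OIDC discovery document. The setting names, the `use_pkce` flag standing in for the OAuth Flow choice, and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; idp.example.com is a placeholder provider.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "scopes_supported": ["openid", "profile", "email"],
    "code_challenge_methods_supported": ["S256"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}
SAMPLE_SETTINGS = {
    "authority": "https://idp.example.com/", "client_id": "adminui-demo",
    "client_secret": "constructed-secret", "scopes": ["openid", "profile"],
    "use_pkce": True,  # assumption: the OAuth Flow choice reduced to a boolean
}

def check_provider(settings, discovery):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    authority = settings["authority"]
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("Authority must be an absolute https:// URL")
    # The issuer in the metadata must match the Authority (trailing slash ignored here).
    if discovery.get("issuer", "").rstrip("/") != authority.rstrip("/"):
        problems.append("discovery issuer does not match Authority")
    if not settings["client_id"].strip():
        problems.append("Client ID is empty")
    if "openid" not in settings["scopes"]:
        problems.append("scope 'openid' is required")
    advertised = discovery.get("scopes_supported")  # optional metadata field
    for scope in settings["scopes"]:
        if advertised is not None and scope not in advertised:
            problems.append(f"scope '{scope}' is not advertised by the provider")
    # RFC 8414: an absent code_challenge_methods_supported means no PKCE support.
    if settings["use_pkce"] and "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("PKCE selected but the provider does not advertise S256")
    # OIDC Discovery: when omitted, the auth method default is client_secret_basic.
    methods = discovery.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not settings["client_secret"] and "none" not in methods:
        problems.append("Client secret is blank but the provider requires client authentication")
    return problems

if __name__ == "__main__":
    for line in check_provider(SAMPLE_SETTINGS, SAMPLE_DISCOVERY) or ["settings are consistent"]:
        print(line)
```

The discovery document is normally published under the Authority at `/.well-known/openid-configuration`; here it is passed in as a dictionary so the check runs offline.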